feat: Schedule bookings

supabase/migrations/20260420200000_boat_images_storage.sql

@@ -0,0 +1,44 @@
+-- Create boat-images storage bucket
+insert into storage.buckets (id, name, public, file_size_limit, allowed_mime_types)
+values (
+  'boat-images',
+  'boat-images',
+  true,
+  10485760,
+  array['image/jpeg', 'image/png', 'image/webp']
+)
+on conflict (id) do nothing;
+
+-- Public read (bucket is public, but explicit policy is required for RLS)
+create policy "Anyone can read boat images" on storage.objects
+  for select using (bucket_id = 'boat-images');
+
+-- Admins/boatswains can upload
+create policy "Admins can upload boat images" on storage.objects
+  for insert with check (
+    bucket_id = 'boat-images' and
+    exists (
+      select 1 from public.members
+      where user_id = auth.uid() and role in ('admin', 'boatswain')
+    )
+  );
+
+-- Admins/boatswains can replace/update
+create policy "Admins can update boat images" on storage.objects
+  for update using (
+    bucket_id = 'boat-images' and
+    exists (
+      select 1 from public.members
+      where user_id = auth.uid() and role in ('admin', 'boatswain')
+    )
+  );
+
+-- Admins/boatswains can delete
+create policy "Admins can delete boat images" on storage.objects
+  for delete using (
+    bucket_id = 'boat-images' and
+    exists (
+      select 1 from public.members
+      where user_id = auth.uid() and role in ('admin', 'boatswain')
+    )
+  );